Add TLS setting to router areas

pull/3274/head
Kyle Havlovitz 2017-07-14 17:31:52 -07:00
parent 090414db15
commit 78c3a86405
No known key found for this signature in database
GPG Key ID: 8A5E6B173056AD6C
3 changed files with 36 additions and 13 deletions

View File

@ -371,7 +371,7 @@ func NewServerLogger(config *Config, logger *log.Logger) (*Server, error) {
go s.lanEventHandler() go s.lanEventHandler()
// Add a "static route" to the WAN Serf and hook it up to Serf events. // Add a "static route" to the WAN Serf and hook it up to Serf events.
if err := s.router.AddArea(types.AreaWAN, s.serfWAN, s.connPool); err != nil { if err := s.router.AddArea(types.AreaWAN, s.serfWAN, s.connPool, s.config.VerifyOutgoing); err != nil {
s.Shutdown() s.Shutdown()
return nil, fmt.Errorf("Failed to add WAN serf route: %v", err) return nil, fmt.Errorf("Failed to add WAN serf route: %v", err)
} }

View File

@ -76,6 +76,9 @@ type areaInfo struct {
// managers maps datacenter names to managers for that datacenter in // managers maps datacenter names to managers for that datacenter in
// this area. // this area.
managers map[string]*managerInfo managers map[string]*managerInfo
// useTLS specifies whether to use TLS to communicate for this network area.
useTLS bool
} }
// NewRouter returns a new Router with the given configuration. // NewRouter returns a new Router with the given configuration.
@ -112,7 +115,7 @@ func (r *Router) Shutdown() {
} }
// AddArea registers a new network area with the router. // AddArea registers a new network area with the router.
func (r *Router) AddArea(areaID types.AreaID, cluster RouterSerfCluster, pinger Pinger) error { func (r *Router) AddArea(areaID types.AreaID, cluster RouterSerfCluster, pinger Pinger, useTLS bool) error {
r.Lock() r.Lock()
defer r.Unlock() defer r.Unlock()
@ -128,6 +131,7 @@ func (r *Router) AddArea(areaID types.AreaID, cluster RouterSerfCluster, pinger
cluster: cluster, cluster: cluster,
pinger: pinger, pinger: pinger,
managers: make(map[string]*managerInfo), managers: make(map[string]*managerInfo),
useTLS: useTLS,
} }
r.areas[areaID] = area r.areas[areaID] = area
@ -168,6 +172,19 @@ func (r *Router) removeManagerFromIndex(datacenter string, manager *Manager) {
panic("managers index out of sync") panic("managers index out of sync")
} }
// Returns whether TLS is enabled for the given area ID
func (r *Router) TLSEnabled(areaID types.AreaID) (bool, error) {
r.RLock()
defer r.RUnlock()
area, ok := r.areas[areaID]
if !ok {
return false, fmt.Errorf("area ID %q does not exist", areaID)
}
return area.useTLS, nil
}
// RemoveArea removes an existing network area from the router. // RemoveArea removes an existing network area from the router.
func (r *Router) RemoveArea(areaID types.AreaID) error { func (r *Router) RemoveArea(areaID types.AreaID) error {
r.Lock() r.Lock()
@ -207,6 +224,12 @@ func (r *Router) addServer(area *areaInfo, s *agent.Server) error {
go manager.Start() go manager.Start()
} }
// If TLS is enabled for the area, set it on the server so the manager
// knows to use TLS when pinging it.
if area.useTLS {
s.UseTLS = true
}
info.manager.AddServer(s) info.manager.AddServer(s)
return nil return nil
} }

View File

@ -105,7 +105,7 @@ func TestRouter_Shutdown(t *testing.T) {
// Create a WAN-looking area. // Create a WAN-looking area.
self := "node0.dc0" self := "node0.dc0"
wan := testCluster(self) wan := testCluster(self)
if err := r.AddArea(types.AreaWAN, wan, &fauxConnPool{}); err != nil { if err := r.AddArea(types.AreaWAN, wan, &fauxConnPool{}, false); err != nil {
t.Fatalf("err: %v", err) t.Fatalf("err: %v", err)
} }
@ -113,7 +113,7 @@ func TestRouter_Shutdown(t *testing.T) {
otherID := types.AreaID("other") otherID := types.AreaID("other")
other := newMockCluster(self) other := newMockCluster(self)
other.AddMember("dcY", "node1", nil) other.AddMember("dcY", "node1", nil)
if err := r.AddArea(otherID, other, &fauxConnPool{}); err != nil { if err := r.AddArea(otherID, other, &fauxConnPool{}, false); err != nil {
t.Fatalf("err: %v", err) t.Fatalf("err: %v", err)
} }
_, _, ok := r.FindRoute("dcY") _, _, ok := r.FindRoute("dcY")
@ -129,7 +129,7 @@ func TestRouter_Shutdown(t *testing.T) {
} }
// You can't add areas once the router is shut down. // You can't add areas once the router is shut down.
err := r.AddArea(otherID, other, &fauxConnPool{}) err := r.AddArea(otherID, other, &fauxConnPool{}, false)
if err == nil || !strings.Contains(err.Error(), "router is shut down") { if err == nil || !strings.Contains(err.Error(), "router is shut down") {
t.Fatalf("err: %v", err) t.Fatalf("err: %v", err)
} }
@ -141,7 +141,7 @@ func TestRouter_Routing(t *testing.T) {
// Create a WAN-looking area. // Create a WAN-looking area.
self := "node0.dc0" self := "node0.dc0"
wan := testCluster(self) wan := testCluster(self)
if err := r.AddArea(types.AreaWAN, wan, &fauxConnPool{}); err != nil { if err := r.AddArea(types.AreaWAN, wan, &fauxConnPool{}, false); err != nil {
t.Fatalf("err: %v", err) t.Fatalf("err: %v", err)
} }
@ -170,7 +170,7 @@ func TestRouter_Routing(t *testing.T) {
other.AddMember("dc0", "node0", nil) other.AddMember("dc0", "node0", nil)
other.AddMember("dc1", "node1", nil) other.AddMember("dc1", "node1", nil)
other.AddMember("dcY", "node1", nil) other.AddMember("dcY", "node1", nil)
if err := r.AddArea(otherID, other, &fauxConnPool{}); err != nil { if err := r.AddArea(otherID, other, &fauxConnPool{}, false); err != nil {
t.Fatalf("err: %v", err) t.Fatalf("err: %v", err)
} }
@ -275,7 +275,7 @@ func TestRouter_Routing_Offline(t *testing.T) {
// Create a WAN-looking area. // Create a WAN-looking area.
self := "node0.dc0" self := "node0.dc0"
wan := testCluster(self) wan := testCluster(self)
if err := r.AddArea(types.AreaWAN, wan, &fauxConnPool{1.0}); err != nil { if err := r.AddArea(types.AreaWAN, wan, &fauxConnPool{1.0}, false); err != nil {
t.Fatalf("err: %v", err) t.Fatalf("err: %v", err)
} }
@ -329,7 +329,7 @@ func TestRouter_Routing_Offline(t *testing.T) {
other := newMockCluster(self) other := newMockCluster(self)
other.AddMember("dc0", "node0", nil) other.AddMember("dc0", "node0", nil)
other.AddMember("dc1", "node1", nil) other.AddMember("dc1", "node1", nil)
if err := r.AddArea(otherID, other, &fauxConnPool{}); err != nil { if err := r.AddArea(otherID, other, &fauxConnPool{}, false); err != nil {
t.Fatalf("err: %v", err) t.Fatalf("err: %v", err)
} }
@ -354,7 +354,7 @@ func TestRouter_GetDatacenters(t *testing.T) {
self := "node0.dc0" self := "node0.dc0"
wan := testCluster(self) wan := testCluster(self)
if err := r.AddArea(types.AreaWAN, wan, &fauxConnPool{}); err != nil { if err := r.AddArea(types.AreaWAN, wan, &fauxConnPool{}, false); err != nil {
t.Fatalf("err: %v", err) t.Fatalf("err: %v", err)
} }
@ -386,7 +386,7 @@ func TestRouter_GetDatacentersByDistance(t *testing.T) {
// Start with just the WAN area described in the diagram above. // Start with just the WAN area described in the diagram above.
self := "node0.dc0" self := "node0.dc0"
wan := testCluster(self) wan := testCluster(self)
if err := r.AddArea(types.AreaWAN, wan, &fauxConnPool{}); err != nil { if err := r.AddArea(types.AreaWAN, wan, &fauxConnPool{}, false); err != nil {
t.Fatalf("err: %v", err) t.Fatalf("err: %v", err)
} }
@ -404,7 +404,7 @@ func TestRouter_GetDatacentersByDistance(t *testing.T) {
other := newMockCluster(self) other := newMockCluster(self)
other.AddMember("dc0", "node0", lib.GenerateCoordinate(20*time.Millisecond)) other.AddMember("dc0", "node0", lib.GenerateCoordinate(20*time.Millisecond))
other.AddMember("dc1", "node1", lib.GenerateCoordinate(21*time.Millisecond)) other.AddMember("dc1", "node1", lib.GenerateCoordinate(21*time.Millisecond))
if err := r.AddArea(otherID, other, &fauxConnPool{}); err != nil { if err := r.AddArea(otherID, other, &fauxConnPool{}, false); err != nil {
t.Fatalf("err: %v", err) t.Fatalf("err: %v", err)
} }
@ -423,7 +423,7 @@ func TestRouter_GetDatacenterMaps(t *testing.T) {
self := "node0.dc0" self := "node0.dc0"
wan := testCluster(self) wan := testCluster(self)
if err := r.AddArea(types.AreaWAN, wan, &fauxConnPool{}); err != nil { if err := r.AddArea(types.AreaWAN, wan, &fauxConnPool{}, false); err != nil {
t.Fatalf("err: %v", err) t.Fatalf("err: %v", err)
} }